This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/CSF1WcnLJogzmtvTW4zbdxH149I.roa
File:                     CSF1WcnLJogzmtvTW4zbdxH149I.roa (raw, json)
Hash identifier:          /BQ3atXgmkXNs08xQyzVGIUYihhzzloVi9gnBQ4fEf8=
Subject key identifier:   09:21:75:59:C9:CB:26:88:33:9A:DB:D3:5B:8C:DB:77:11:F5:E3:D2
Certificate issuer:       /CN=4c7844abef711c232c84f83c807a420af3804728
Certificate serial:       019B76EB7D98E2A9F80F58C76E0C24B22D64
Authority key identifier: 4C:78:44:AB:EF:71:1C:23:2C:84:F8:3C:80:7A:42:0A:F3:80:47:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/THhEq-9xHCMshPg8gHpCCvOARyg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/CSF1WcnLJogzmtvTW4zbdxH149I.roa
Signing time:             Thu 01 Jan 2026 00:18:23 +0000
ROA not before:           Thu 01 Jan 2026 00:18:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203194
IP address blocks:        185.142.228.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/THhEq-9xHCMshPg8gHpCCvOARyg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/THhEq-9xHCMshPg8gHpCCvOARyg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/THhEq-9xHCMshPg8gHpCCvOARyg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:7d:98:e2:a9:f8:0f:58:c7:6e:0c:24:b2:2d:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c7844abef711c232c84f83c807a420af3804728
        Validity
            Not Before: Jan  1 00:18:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=09217559c9cb2688339adbd35b8cdb7711f5e3d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:63:7e:dc:22:5e:e8:72:4a:ff:73:67:68:a3:
                    46:f8:ce:4d:30:25:6a:79:d8:48:e6:86:3f:32:61:
                    bd:52:61:1b:8c:ae:ec:ed:b2:7d:98:45:96:15:5b:
                    15:cd:2a:6c:29:73:9b:52:1c:39:64:df:8c:99:a8:
                    a6:28:5e:7c:cf:be:36:b0:f0:8c:37:e4:b6:2d:39:
                    84:94:c4:bd:49:39:ff:f3:cd:97:50:a6:d3:2f:03:
                    c4:fb:8d:4a:83:ef:30:17:56:de:be:01:6d:4f:d9:
                    b3:7e:cb:b8:c5:1d:21:82:a9:e1:85:79:70:41:4a:
                    3d:95:2a:e2:a9:88:3c:49:ed:2a:ac:6a:8a:f3:47:
                    57:5b:72:c7:9c:58:91:50:4a:d5:fc:b6:a9:8d:70:
                    a1:03:03:c0:e6:9d:47:04:96:51:5f:2c:4a:43:0b:
                    a7:e6:b0:b1:f5:4c:01:4f:a6:35:76:6a:34:a8:1a:
                    d2:77:1b:bc:7c:dd:51:58:57:96:25:91:a7:c6:44:
                    f1:95:43:e1:84:1e:96:fb:58:b7:26:6d:05:a8:d2:
                    99:b0:01:46:d6:b6:2b:09:73:f1:45:22:4c:e9:49:
                    67:a1:5f:d1:fa:29:13:a3:25:c0:5a:88:39:14:29:
                    b6:42:e6:c2:04:06:1b:38:a3:df:31:03:e8:d5:02:
                    4e:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:21:75:59:C9:CB:26:88:33:9A:DB:D3:5B:8C:DB:77:11:F5:E3:D2
            X509v3 Authority Key Identifier:
                keyid:4C:78:44:AB:EF:71:1C:23:2C:84:F8:3C:80:7A:42:0A:F3:80:47:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/THhEq-9xHCMshPg8gHpCCvOARyg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/CSF1WcnLJogzmtvTW4zbdxH149I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/THhEq-9xHCMshPg8gHpCCvOARyg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.142.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         97:82:23:4f:9e:55:d1:c0:24:1e:b1:5d:18:f0:89:da:77:fc:
         27:36:63:44:33:ee:ea:9b:45:44:dd:8a:8f:d5:72:81:84:10:
         1e:0b:08:2c:c3:80:85:d0:af:00:54:e3:d7:3d:5e:ad:7a:c4:
         f2:3c:66:79:ff:82:3c:6e:73:1f:77:57:1c:65:97:9e:16:9c:
         15:0f:e5:49:d2:e4:28:78:c5:2a:60:86:4b:d8:e2:17:d9:f8:
         54:8b:69:44:ee:1c:96:6b:9e:86:66:94:f4:9c:95:10:d0:90:
         6a:5b:44:9a:35:33:af:ef:97:9a:5f:6b:ff:d5:87:90:3a:a7:
         86:02:70:44:cd:4e:b5:a9:05:0b:0e:b2:3c:34:0e:15:45:42:
         a1:9e:af:0d:2b:fd:3d:b8:58:85:f1:4d:44:7e:b4:0b:32:7a:
         d5:7d:3c:f6:8b:99:b6:be:2e:20:2d:a2:6e:a1:8c:ec:82:b5:
         69:47:ea:8f:bd:e0:a0:15:d7:59:6f:ae:d3:b4:e1:c6:26:71:
         1c:2e:cb:6e:9c:f2:f7:c3:2d:bc:57:ee:19:cb:09:d1:4b:41:
         e3:9b:7b:a1:a6:75:7e:e0:7c:8a:5f:cb:18:28:c2:ec:28:bd:
         06:ee:88:eb:8d:7c:1f:a0:fb:b9:d0:1e:f3:f8:be:74:57:eb:
         36:cb:31:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt2632Y4qn4D1jHbgwksi1kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjNzg0NGFiZWY3MTFjMjMyYzg0ZjgzYzgwN2E0MjBhZjM4
MDQ3MjgwHhcNMjYwMTAxMDAxODIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTIxNzU1OWM5Y2IyNjg4MzM5YWRiZDM1YjhjZGI3NzExZjVlM2QyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvmN+3CJe6HJK/3NnaKNG+M5NMCVq
edhI5oY/MmG9UmEbjK7s7bJ9mEWWFVsVzSpsKXObUhw5ZN+MmaimKF58z742sPCM
N+S2LTmElMS9STn/882XUKbTLwPE+41Kg+8wF1bevgFtT9mzfsu4xR0hgqnhhXlw
QUo9lSriqYg8Se0qrGqK80dXW3LHnFiRUErV/LapjXChAwPA5p1HBJZRXyxKQwun
5rCx9UwBT6Y1dmo0qBrSdxu8fN1RWFeWJZGnxkTxlUPhhB6W+1i3Jm0FqNKZsAFG
1rYrCXPxRSJM6UlnoV/R+ikToyXAWog5FCm2QubCBAYbOKPfMQPo1QJORQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAkhdVnJyyaIM5rb01uM23cR9ePSMB8GA1UdIwQY
MBaAFEx4RKvvcRwjLIT4PIB6QgrzgEcoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEhoRXEtOXhIQ01zaFBnOGdIcENDdk9BUnlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi84ZDU1YzAtOWFhMC00YmU3LTgyYTgt
ZGFiNmI4M2NmN2VjLzEvQ1NGMVdjbkxKb2d6bXR2VFc0emJkeEgxNDlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi84ZDU1YzAtOWFhMC00YmU3LTgyYTgtZGFiNmI4M2NmN2Vj
LzEvVEhoRXEtOXhIQ01zaFBnOGdIcENDdk9BUnlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuY7kMA0G
CSqGSIb3DQEBCwUAA4IBAQCXgiNPnlXRwCQesV0Y8Inad/wnNmNEM+7qm0VE3YqP
1XKBhBAeCwgsw4CF0K8AVOPXPV6tesTyPGZ5/4I8bnMfd1ccZZeeFpwVD+VJ0uQo
eMUqYIZL2OIX2fhUi2lE7hyWa56GZpT0nJUQ0JBqW0SaNTOv75eaX2v/1YeQOqeG
AnBEzU61qQULDrI8NA4VRUKhnq8NK/09uFiF8U1EfrQLMnrVfTz2i5m2vi4gLaJu
oYzsgrVpR+qPveCgFddZb67TtOHGJnEcLstunPL3wy28V+4ZywnRS0Hjm3uhpnV+
4HyKX8sYKMLsKL0G7ojrjXwfoPu50B7z+L50V+s2yzHO
-----END CERTIFICATE-----